CVE-2019-25316 MEDIUM

CVE-2019-25316: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting

Vendor Goautodial

Product GOautodial

Weakness CWE-79 · XSS

Published February 11, 2026

Last update March 5, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary JavaScript in victim browsers.

Key dates

02Disclosure timeline

February 11, 2026 CVE published

March 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25316 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-47594 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC) CVE-2025-62662 Stored XSS through system messages in AdvancedSearch CVE-2024-56014 WordPress Olivia Theme <= 0.9.5 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-10185 StreamWeasels YouTube Integration <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-youtube-embed Shortcode CVE-2026-42090 Notesnook: RCE via stored XSS in note export rendering